SDN-5017: Add UDN Network Policy e2e tests #29195

Merged: 1 commit, Dec 18, 2024


pperiyasamy
Member

No description provided.

@pperiyasamy pperiyasamy marked this pull request as draft October 15, 2024 16:27
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 15, 2024
@openshift-ci openshift-ci bot requested review from knobunc and trozet October 15, 2024 16:32
@pperiyasamy pperiyasamy force-pushed the udn-netpol branch 2 times, most recently from cb413c2 to ba251b5 Compare October 16, 2024 11:52
@pperiyasamy pperiyasamy marked this pull request as ready for review October 16, 2024 11:52
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 16, 2024
@openshift-ci openshift-ci bot requested review from Miciah and sjenning October 16, 2024 11:53
@pperiyasamy
Member Author

/assign @jluhrsen @tssurya @jcaamano

@openshift-trt-bot

Job Failure Risk Analysis for sha: ba251b5

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade High
[sig-arch] events should not repeat pathologically for ns/openshift-machine-config-operator
This test has passed 99.55% of 222 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.

@pperiyasamy
Member Author

/test e2e-gcp-ovn-techpreview

@pperiyasamy
Member Author

/test e2e-aws-ovn-single-node-techpreview

@pperiyasamy
Member Author

/test e2e-gcp-ovn-techpreview

@pperiyasamy
Member Author

/test e2e-gcp-ovn-techpreview

@pperiyasamy
Member Author

/test e2e-gcp-ovn-techpreview

@openshift-trt-bot

Job Failure Risk Analysis for sha: 9475099

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-csi Medium
[bz-kube-apiserver][invariant] alert/KubeAPIErrorBudgetBurn should not be at or above info
This test has passed 94.44% of 36 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-csi'] in the last 14 days.

Open Bugs
SNO error rate for alert/KubeAPIErrorBudgetBurn should not be at or above info
pull-ci-openshift-origin-master-e2e-aws-ovn-kube-apiserver-rollout Low
[Conformance][Suite:openshift/kube-apiserver/rollout][Jira:"kube-apiserver"][sig-kube-apiserver] kube-apiserver should roll out new revisions without disruption [apigroup:config.openshift.io][apigroup:operator.openshift.io]
This test has passed 69.23% of 13 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-kube-apiserver-rollout'] in the last 14 days.

@pperiyasamy
Member Author

/assign @ricky-rav

The tests are ready for review now except NetPol tests are failing due to the bug OCPBUGS-43519.

@ricky-rav ricky-rav left a comment

Overall looks good, I just added a minor comment.

I compared the code in test/extended/networking/network_segmentation_policy.go to what we have upstream in https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/test/e2e/network_segmentation_policy.go . I see you made a few changes especially for node selection and to adapt the code to what we have in origin to test reachability between two pods. All that looks good to me.

Can you just add a few words to the commit message saying that we're porting to origin the e2e tests we have upstream for network policies, and can you also mention the command you used to add the generated code?

Thanks, Peri!

return err
}, "30s", "1s").ShouldNot(o.HaveOccurred(), "cmd output: %s", out)
}

func podShouldNotReach(oc *exutil.CLI, podName, address string) {
namespacePodShouldNotReach(oc, "", podName, address)
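
Review bot: In `podShouldNotReach`, the empty string passed to `namespacePodShouldNotReach` is an undocumented sentinel. Add a one-line comment on the function stating which namespace `""` resolves to, or give the sentinel a named constant, so the intent is visible at the call site and a later cleanup does not swap in a literal namespace.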

Your version is totally equivalent, but I think it's cleaner to just pass "default" as namespace, instead of relying on the empty string.

Member Author

@ricky-rav passing empty string for namespace is intentional here so that oc exec uses pod from f.Namespace.Name namespace.

out := ""
o.EventuallyWithOffset(1, func() error {
var err error
out, err = oc.AsAdmin().Run("exec").Args(podName, "--", "curl", "--connect-timeout", "1", address).Output()
if namespace == "" {

same thing here

clientPodConfig.namespace = f.Namespace.Name
clientPodConfig.nodeSelector = map[string]string{nodeHostnameKey: workerNodes[0].Name}
serverPodConfig.namespace = f.Namespace.Name
serverPodConfig.nodeSelector = map[string]string{nodeHostnameKey: workerNodes[len(workerNodes)-1].Name}
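
Review bot: `workerNodes[0]` and `workerNodes[len(workerNodes)-1]` are indexed here with no length check in the visible lines; if `workerNodes` can be empty this panics instead of failing the test with a message, so assert `len(workerNodes) > 0` first. When the slice has a single element both selectors pin the same node, so a log line for that case would make it clear the run did not cover cross-node traffic.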

OK, so in case of a single-node cluster, this will schedule the server pod on the only available node.

Member Author

yes, right. guess that should be fine.

@openshift-trt-bot

Job Failure Risk Analysis for sha: a8af350

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade Medium
[sig-network] pods should successfully create sandboxes by writing network status
This test has passed 95.35% of 172 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.

This commit is porting e2e tests (https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/test/e2e/network_segmentation_policy.go)
we have upstream for network policies into origin. The `make update` command
is run to generate required artifacts for the tests.

Signed-off-by: Periyasamy Palanisamy <[email protected]>
@pperiyasamy
Member Author

/hold cancel

NetPol tests are passing now for primary UDN.

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 16, 2024
@pperiyasamy pperiyasamy changed the title UDN: Add Network Policy e2e tests SDN-5017: Add UDN Network Policy e2e tests Dec 17, 2024
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 17, 2024
@openshift-ci-robot

openshift-ci-robot commented Dec 17, 2024

@pperiyasamy: This pull request references SDN-5017 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@ricky-rav

/lgtm
Thanks, Peri!

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 17, 2024
@pperiyasamy
Member Author

/test e2e-metal-ipi-ovn-ipv6-techpreview
/test e2e-aws-ovn-hypershift-conformance-techpreview
/test e2e-azure-ovn-techpreview
/test e2e-metal-ipi-ovn-dualstack-techpreview
/test e2e-vsphere-ovn-techpreview
/test e2e-aws-ovn-techpreview
/test e2e-gcp-ovn-techpreview
/test e2e-metal-ipi-ovn-techpreview
/test openshift-e2e-gcp-ovn-techpreview-upgrade

@pperiyasamy
Member Author

/test e2e-metal-ipi-ovn-ipv6-techpreview
/test e2e-metal-ipi-ovn-dualstack-techpreview

Contributor

openshift-ci bot commented Dec 17, 2024

@pperiyasamy: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-jenkins
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-image-registry
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial
/test e2e-gcp-ovn
/test e2e-gcp-ovn-builds
/test e2e-gcp-ovn-image-ecosystem
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test images
/test lint
/test unit
/test verify
/test verify-deps

The following commands are available to trigger optional jobs:

/test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback
/test e2e-agnostic-ovn-cmd
/test e2e-aws
/test e2e-aws-csi
/test e2e-aws-disruptive
/test e2e-aws-etcd-certrotation
/test e2e-aws-etcd-recovery
/test e2e-aws-ovn
/test e2e-aws-ovn-cgroupsv2
/test e2e-aws-ovn-etcd-scaling
/test e2e-aws-ovn-ipsec-serial
/test e2e-aws-ovn-kube-apiserver-rollout
/test e2e-aws-ovn-kubevirt
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-single-node-serial
/test e2e-aws-ovn-single-node-techpreview
/test e2e-aws-ovn-single-node-techpreview-serial
/test e2e-aws-ovn-single-node-upgrade
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-upgrade-rollback
/test e2e-aws-ovn-upi
/test e2e-aws-ovn-virt-techpreview
/test e2e-aws-proxy
/test e2e-azure
/test e2e-azure-ovn-etcd-scaling
/test e2e-azure-ovn-upgrade
/test e2e-baremetalds-kubevirt
/test e2e-external-aws
/test e2e-external-aws-ccm
/test e2e-external-vsphere-ccm
/test e2e-gcp-csi
/test e2e-gcp-disruptive
/test e2e-gcp-fips-serial
/test e2e-gcp-ovn-etcd-scaling
/test e2e-gcp-ovn-rt-upgrade
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-techpreview-serial
/test e2e-hypershift-conformance
/test e2e-metal-ipi-ovn
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-dualstack-local-gateway
/test e2e-metal-ipi-ovn-kube-apiserver-rollout
/test e2e-metal-ipi-serial
/test e2e-metal-ipi-serial-ovn-ipv6
/test e2e-metal-ipi-virtualmedia
/test e2e-metal-ovn-single-node-live-iso
/test e2e-metal-ovn-single-node-with-worker-live-iso
/test e2e-openstack-ovn
/test e2e-openstack-serial
/test e2e-vsphere
/test e2e-vsphere-ovn-dualstack-primaryv6
/test e2e-vsphere-ovn-etcd-scaling
/test okd-e2e-gcp
/test okd-scos-e2e-aws-ovn
/test okd-scos-images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd
pull-ci-openshift-origin-master-e2e-aws-csi
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2
pull-ci-openshift-origin-master-e2e-aws-ovn-edge-zones
pull-ci-openshift-origin-master-e2e-aws-ovn-fips
pull-ci-openshift-origin-master-e2e-aws-ovn-kube-apiserver-rollout
pull-ci-openshift-origin-master-e2e-aws-ovn-microshift
pull-ci-openshift-origin-master-e2e-aws-ovn-microshift-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade
pull-ci-openshift-origin-master-e2e-aws-ovn-upgrade
pull-ci-openshift-origin-master-e2e-gcp-csi
pull-ci-openshift-origin-master-e2e-gcp-ovn
pull-ci-openshift-origin-master-e2e-gcp-ovn-rt-upgrade
pull-ci-openshift-origin-master-e2e-gcp-ovn-upgrade
pull-ci-openshift-origin-master-e2e-hypershift-conformance
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-kube-apiserver-rollout
pull-ci-openshift-origin-master-e2e-openstack-ovn
pull-ci-openshift-origin-master-images
pull-ci-openshift-origin-master-lint
pull-ci-openshift-origin-master-okd-scos-e2e-aws-ovn
pull-ci-openshift-origin-master-unit
pull-ci-openshift-origin-master-verify
pull-ci-openshift-origin-master-verify-deps

In response to this:

/test e2e-metal-ipi-ovn-ipv6-techpreview
/test e2e-metal-ipi-ovn-dualstack-techpreview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@pperiyasamy
Copy link
Member Author

/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-techpreview
/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview
/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview

Contributor

openshift-ci bot commented Dec 17, 2024

@pperiyasamy: trigger 3 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-techpreview
  • periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview
  • periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/82215190-bc72-11ef-99f1-280124d36f30-0

@pperiyasamy
Copy link
Member Author

/assign @dgoodwin @stbenjam

@dgoodwin
Contributor

/approve

Contributor

openshift-ci bot commented Dec 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgoodwin, pperiyasamy, ricky-rav

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 17, 2024
@tssurya
Contributor

tssurya commented Dec 17, 2024

/cherry-pick release-4.18

@openshift-cherrypick-robot

@tssurya: once the present PR merges, I will cherry-pick it on top of release-4.18 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.18


@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD b7c61a7 and 2 for PR HEAD 544fc05 in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD b7c61a7 and 2 for PR HEAD 544fc05 in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 549f564 and 1 for PR HEAD 544fc05 in total

Contributor

openshift-ci bot commented Dec 18, 2024

@pperiyasamy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn-single-node-upgrade 544fc05 link false /test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-metal-ipi-ovn 544fc05 link false /test e2e-metal-ipi-ovn
ci/prow/okd-scos-e2e-aws-ovn 544fc05 link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn-single-node-techpreview 544fc05 link false /test e2e-aws-ovn-single-node-techpreview

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.


openshift-trt bot commented Dec 18, 2024

Job Failure Risk Analysis for sha: 544fc05

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Medium
[sig-storage][Feature:Cluster-CSI-Snapshot-Controller-Operator][Serial][apigroup:operator.openshift.io] should restart webhook Pods if csi-snapshot-webhook-secret is deleted [Suite:openshift/conformance/serial]
This test has passed 97.30% of 74 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.19-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-ci-4.19-e2e-aws-ovn-serial'] in the last 14 days.
---
[sig-storage][Feature:Cluster-CSI-Snapshot-Controller-Operator][Serial][apigroup:operator.openshift.io] should restart webhook Pods if csi-snapshot-webhook-secret expiry annotation is changed [Suite:openshift/conformance/serial]
This test has passed 97.30% of 74 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.19-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-ci-4.19-e2e-aws-ovn-serial'] in the last 14 days.

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD edec610 and 0 for PR HEAD 544fc05 in total

@openshift-merge-bot openshift-merge-bot bot merged commit b331d38 into openshift:master Dec 18, 2024
29 of 31 checks passed
@openshift-cherrypick-robot

@tssurya: new pull request created: #29385

In response to this:

/cherry-pick release-4.18


@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: openshift-enterprise-tests
This PR has been included in build openshift-enterprise-tests-container-v4.19.0-202412190006.p0.gb331d38.assembly.stream.el9.
All builds following this will include this PR.
